FedRAMP Package Access Request Form For Review of FedRAMP Security Package

Similar documents
OTTO Archive, LLC CONTENT LICENSE AGREEMENT

RETS DATA ACCESS AGREEMENT

INDEPENDENT CONTRACTOR AGREEMENT

SAMPLE FORMS - CONTRACTS DATA REQUEST AND RELEASE PROCESS NON-DISCLOSURE AGREEMENT, Form (See Attached Form)

License Agreement. 1.4 Named User License A Named User License is a license for one (1) Named User to access the Software.

I300 SOFTWARE LICENSE AGREEMENT 1. DEFINITIONS

Connecticut Multiple Listing Service, Inc.

GWINNETT COUNTY GIS DATA LICENSE AGREEMENT

ADDENDUM TO STANDARD CONTRACT BETWEEN Community Coordinated Care for Children, Inc. (4C) AND (CONTRACTOR)

About The Beta Participant Agreement

END-USER LICENSE AGREEMENT

SOFTWARE END USER LICENSE AGREEMENT

VOLUNTARY DISCLOSURE AGREEMENT. The State of Florida Department of Financial Services, Division of Unclaimed Property, 200

Municipal Code Online Inc. Software as a Service Agreement

ACT, Inc. ( ACT ) and Customer agree as follows: Effective Date: August 8, 2017

Error Report(s) shall mean the document to be created by ispring Software each time an Error occurs in the Software.

External Data Access Application

COLLABORATIVE RESEARCH AGREEMENT

1. THE SYSTEM AND INFORMATION ACCESS

JOINT MARKETING AND SALES REFERRAL AGREEMENT

TERMS AND CONDITIONS FOR BANTU PRODUCTS AND SERVICES

Midwest Real Estate Data, LLC. MRED Participant Agreement 1 DEFINITIONS AND USAGE. MRED S OBLIGATIONS. PARTICIPANT ACKNOWLEDGMENTS.

APPLICATION Merchandising Use of Centennial Logo & Slogan

SERVICE AGREEMENT TRAINING OR WORKSHOP

RELIBIT LABS MUTUAL NON DISCLOSURE AGREEMENT

PeachCourt Document Access User Agreement Terms of Use

HOSTED SERVICES AGREEMENT

Black Ops Logistics, LLC

End User License Agreement

INDEPENDENT SALES ASSOCIATE AGREEMENT

INDEPENDENT CONTRACTOR TERMS OF AGREEMENT Return to the Division of Human Resources when complete. Name: Individual: Business: (mark one)

EDGAR CERTIFICATIONS ADDENDUM FOR AGREEMENT FUNDED BY U.S. FEDERAL GRANT

INTERNET ADVERTISING AGREEMENT. THIS AGREEMENT made as of this day of, 2004.

TEXAS DEPARTMENT OF PUBLIC SAFETY 5805 NORTH LAMAR BOULEVARD POST OFFICE BOX 4087, AUSTIN, TX /

GPS & REMOTE DRUG / ALCOHOL OFFENDER MONITORING SERVICE PROVIDER AGREEMENT

III. For which Fiscal Year (FY) is this recommendation being made: Estimated Start Date Estimated Completion Date

DAKOTA COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

(FULL LEGAL NAME OF SUBSCRIBER)

DigiCert, Inc. Certificate Subscriber Agreement

Model Business Associate Agreement

SaaS Software Escrow Agreement [Agreement Number EL ]

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

Sacramento Public Library Authority

AGREEMENT FOR SERVICE AGREEMENT FOR SERVICE

WU contract # NON EXCLUSIVE LICENSE AGREEMENT

Direct Phone Number: Last Name: Title: Alliance Primary Contact (if different than authorized signatory contact): First Name:

SERVICES TERMS AND CONDITIONS

Fulton Bonanza. Step #1

usdrp DISPUTE PROVIDER AGREEMENT (Approved by the U. S. Dept. of Commerce on February 21, 2002)

OHIO MEDICAID SUPPLEMENTAL REBATE AGREEMENT

Request for Vendor Contract Update

the Notices section below.

PCI Security Standards Council, LLC Payment Card Industry Vendor Release Agreement

DATA USE AGREEMENT RECITALS

THIS SUBSCRIPTION AGREEMENT ( AGREEMENT ) GOVERNS YOUR 30-DAY FREE TRIAL OF THE SERVICES.

JACK AND JILL OF AMERICA, INC. LOGO LICENSE AGREEMENT

VISA Inc. VISA 3-D Secure Authentication Services Testing Agreement

SOFTWARE END USER LICENSE AGREEMENT (Load Systems Software and Firmware)

HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

DATA COLLECTION AGREEMENT MASTER TERMS RECITALS

This Agreement was last updated on June 14th, It is effective between You and Axosoft as of the date of You accepting this Agreement.

eformz Mini-Manual ereader - How To

SDK Single License Agreement (SLA) July 18, 2016

END-USER SOFTWARE LICENSE AGREEMENT

SOUTHERN CALIFORNIA EDISON COMPANY ENERGY SERVICE PROVIDER SERVICE AGREEMENT

CORPORATE FARE TERMS & CONDITIONS

Addendum # 1 BL Rhodes Jordan Park Multi-Purpose Field Conversion

COLOR PRINTER DRIVER FOR WINDOWS 10/8/7/Vista 32-bit and 64-bit LICENSE AGREEMENT

CODERED NEXT SERVICES AGREEMENT

EMC Proven Professional Program

IDX Paperwork Cover Sheet

OPEN DESIGN ALLIANCE EVALUATION LICENSE AGREEMENT

EDGAR CERTIFICATIONS ADDENDUM FOR PROCUREMENT CONTRACTS

SPONSORSHIP AGREEMENT

Auto-print SDK/ACTIVEX DISTRIBUTION LICENSE AGREEMENT

Digia Commerce Oy Ab SOFTWARE END USER LICENSE AGREEMENT

Approved for Public Release. Distribution Unlimited. PRS Case number: The MITRE Corporation. All rights reserved.

INTERNSHIP TERMS. For Graduate Student Educational Projects. Undertaken Through the UNIVERSITY OF ALBERTA

END-USER LICENSE AGREEMENT (EULA) for NICE Software and Solutions

ABC-CLIO Database License Agreement

AGILE RISK MANAGEMENT LLC MASTER SOFTWARE LICENSE AGREEMENT

Drive Trust Alliance Member Services Agreement

Mobile Deposit User Agreement

South Carolina Department of Motor Vehicles

UACCEPT POINT OF SALE SYSTEM END USER LICENSE AGREEMENT

AGREEMENT WHEREAS WHEREAS, WHEREAS, NOW, THEREFORE, Grant of License.

SLA0056 Software license agreement

PARTICIPANT LICENSE AGREEMENT FOR INTERNET DATA EXCHANGE VIRTUAL OFFICE WEBSITE LICENSEE INTERNAL USE

Membership Terms & Conditions

City State Country Zip. Contact Name Telephone Fax

SHARED WORKSPACE TERMS OF USE

DATABASE AND TRADEMARK LICENSE AGREEMENT

Equipment Loan and Collaboration Agreement. Between. Company Name. and the. University of Florida Board of Trustees

CSI WORKSHOP LICENSE AGREEMENT FOR INTERNAL USE

Agent/Agency Agreement

HARRISBURG SCHOOL DISTRICT CONSULTING CONTRACT AGREEMENT

LICENSE AND SUPPORT AGREEMENT

AUTONOMIE COMMERCIAL SOFTWARE LICENSE AGREEMENT

Data Licensing Agreement

MDP LABS SERVICES AGREEMENT

Transcription:

FedRAMP Package Access Request Form For Review of FedRAMP Security Package INSTRUCTIONS: 1. Please complete this form, then print and sign. 2. Distribute to your Government Supervisor for review and signature. 3. Please email your signed Request Form to info@fedramp.gov. You must have a.gov or.mil email address to access a FedRAMP Security Package. User Information Date of Request: First Name: Last Name: Agency or Department: Bureau: Office: E-Mail Address: Phone: Select one: Federal Employee Alternate Phone: Federal Contractor If yes, what organization?: If you are a Federal contractor, please also review Attachment A: Federal Contractor Non Disclosure Agreement for FedRAMP, sign and attach to this request. Requested Package Name of Package Requested: What is the Package ID (located on the CSP listing on FedRAMP.gov)? If you are not a current customer, access is granted for 30 days in order to properly ensure a high level of access control and maintain proper security over the security authorization packages. Permanent access is only granted to CSP customers. Access Authorization All reviewers are required to use multi-factor authentication via PIV (Personal Identity Verification) card to obtain access to the FedRAMP secure repository on the OMB MAX system. Please go to https://omb.max.gov to register. In order to gain access to the FedRAMP secure repository, the FedRAMP PMO requires approval from an Authorized FedRAMP Approver. This is your agency CISO or someone they have designated. Authorized FedRAMP Approver: First Name: Last Name: Phone: Email: Title: Agency / Department: Bureau: Office: Page 1 of 6 Version 5 3/1/2017

Please indicate the reason you want to review this Security Package: We are shopping for a cloud service provider. We already use this cloud service provider. Other: Please initial each box. Agreement for Package Reviewers By completing and submitting this form you have confirmed and agree to the following: I agree to abide by all security policies, standards, and procedures of my respective agency. I also agree to abide by the General Rules of Behavior provided to me by the FedRAMP PMO. I understand that GSA may monitor and audit the usage of my account and that using the system constitutes consent to such monitoring and auditing. I agree to use FedRAMP packages only for authorized purposes related to official business. I have a.gov or.mil email account that is registered on https://max.omb.gov. I will not disclose information in FedRAMP Security Packages to any third-parties, i.e., any parties not expressly authorized to have access to the information by the FedRAMP Program Management Office or the company that submitted the Security Package. I will not save, print, email, post, publish, or reproduce any FedRAMP Security Package documents in any form including all electronic methods. To the extent I must download FedRAMP Security Package documents in order to view them, once my review is comp complete for a given session, I agree to destroy and delete all copies of FedRAMP Security Package documents. To the extent I must download FedRAMP Security Package documents in order to view them, I agree to do so only on government furnished equipment and devices. I will not download FedRAMP Security Package documents on non-government equipment and devices. The undersigned prospective package reviewer certifies that the information listed above is current and accurate. I m requesting access solely for purposes of granting a security authorization for the cloud service referenced in this request. I understand that permanent access is only granted to agency members who have an ATO letter on file with the FedRAMP office. I understand and acknowledge that violation of this agreement is subject to the federal criminal prohibitions on theft of proprietary information and trade secrets by government employees, 18 U.S.C. 1905, and theft of trade secrets for commercial advantage, 18 U.S.C. 1832, which make it a crime to take or use without authorization such information and to attempt or conspire to engage in such misconduct.the company that submitted the Security Package is a cloud service provider to GSA under FedRAMP. I acknowledge that (i) any FedRAMP Security Package documents and any other confidential information disclosed to Recipient under this Agreement are the proprietary technical or commercial information or trade secret information of the submitting company and (ii) the submitting company is an intended third-party beneficiary of this Agreement and may enforce its terms with respect to such information directly through an action in any court of competent jurisdiction. User s Signature: Date: Page 2 of 6 Version 5 3/1/2017

Agreement for Authorized FedRAMP Approver (CISO; DAA) If the user which I am certifying leaves my agency for any reason, or transfers to a different department, I agree to notify info@fedramp.gov of their departure from my supervision immediately. Please initial each box. I am a Federal employee. I have the authority to grant FISMA authorizations for my agency. The person requesting access to the security package is acting requesting access for official government purposes. I agree to ensure that the package reviewer acts in accordance with the rules of behavior cited and agreed to. When the package reviewer no longer needs access, I will notify the FedRAMP PMO. The undersigned Authorized FedRAMP Approver certifies that the information listed above is current and accurate. Authorized FedRAMP Approver (please print): Authorized FedRAMP Approver s Signature: Date: FOR OFFICE Of FedRAMP PMO USE ONLY Date received: Approval Date: FedRAMP PMO Official Signature: Date access granted: Planned termination date: Actual termination date: Comments: Page 3 of 6 Version 5 3/1/2017

Attachment A: Federal Contractor Non Disclosure Agreement for FedRAMP Page 4 of 6 Version 5 3/1/2017

Federal Contractor Non Disclosure Agreement for FedRAMP THIS NONDISCLOSURE AGREEMENT is entered into as of the date signed below by GSA, which is the party disclosing confidential information, and, who is the party receiving confidential information ("Recipient"), in order to protect the confidential information which is disclosed to Recipient by GSA. NOW THEREFORE, in consideration of the mutual covenants contained herein, the parties hereto agree as follows: 1. This Non-Disclosure Agreement ( Agreement ) is supplemental to the FedRAMP Package Access Request Form For Review of FedRAMP Security Package ( Access Request Form ) to which Recipient has agreed. In the event of a conflict between this Agreement and the Access Request Form, the Access Request Form shall control. 2. The Confidential Information disclosed by GSA under this Agreement is: confidential and proprietary security authorization materials for the Federal Risk and Authorization Management Program (FedRAMP). 3. Recipient shall not disclose the Confidential Information to any third party. The Recipient shall keep the Confidential Information confidential and shall use the Confidential Information only for evaluation of a cloud service provider s security risk level in granting Federal agency specific security authorizations. 4. The Recipient shall not make any copies (electronic or otherwise) of the Confidential Information. 5. Recipient shall safeguard all Confidential Information (whether disclosed orally or otherwise) with at least the same degree of care (but no less than reasonable care) as it uses to safeguard its own Confidential Information of like kind. Recipient shall limit distribution of Confidential Information that it receives pursuant to this Agreement to its employees who have a need to know the information for the purposes set forth in Paragraph 3 and who have previously agreed to be bound by confidentiality obligations no less stringent than those in this Agreement and the online Agreement for Package Reviewers to which Recipient has agreed. 6. This agreement controls only Confidential Information which is disclosed to Recipient between the effective date (the date of last signature) and the end of the cloud service provider s authority to operate as defined in the ATO letter. Recipient's duties under Paragraphs 3, 4 and 5 of this Agreement shall expire twenty (20) years after the expiration of the cloud service provider s authority to operate as defined in the ATO letter. Upon written request by GSA on or before the expiration of the confidentiality period as set forth herein, Recipient shall certify that it has no Confidential Information in its possession and that it has destroyed or deleted all Confidential Information that has been disclosed to it in electronic format. 7. This Agreement imposes no obligation upon the Recipient with respect to confidential information which (a) was in the Recipient's possession before receipt from FedRAMP; (b) is or becomes a matter of public knowledge through no fault of the Recipient; (c) is received by the Recipient from a third party without a duty of confidentiality; (d) is independently disclosed by the Recipient with GSA's prior written approval, or (e) is developed by the Recipient without reference to information disclosed hereunder. 8. FedRAMP warrants that it has the right to make the disclosures under this Agreement. 9. Neither party acquires any intellectual property rights under this Agreement. 10. I am aware that an unauthorized disclosure of any proprietary or confidential information may subject me to criminal, civil, and/or administrative penalties. 11. Appropriations Act restriction: These restrictions are consistent with and do not supersede, conflict with, or otherwise alter the employee obligations, rights, or liabilities created by Executive Order No. 12958; section 7211 of title 5, United States Code (governing disclosures to Congress); section 1034 of title 10, United States Code, as amended by the Military Whistleblower Protection Act (governing disclosure to Congress by members of the military); section 2302(b)(8) of title 5, United States Code, as amended by the Whistleblower Protection Act (governing disclosures of illegality, waste, fraud, abuse or public health or safety threats); the Intelligence Identities Protection Act of 1982 (50 U.S.C. 421 et seq.) (governing disclosures that could expose confidential Government Page 5 of 6 Version 5 3/1/2017

agents); and the statutes which protect against disclosure that may compromise the national security, including sections 641, 793, 794, 798, and 952 of title 18, United States Code, and section 4(b) of the Subversive Activities Act of 1950 (50 U.S.C. 783(b)). The definitions, requirements, obligations, rights, sanctions, and liabilities created by said Executive order and listed statutes are incorporated into this agreement and are controlling. 12. The parties do not intend that any agency or partnership relationship be created between them by this Agreement. With respect to any Confidential Information disclosed to Recipient under this Agreement that is the proprietary technical or commercial information or trade secret information of a cloud service provider to GSA under FedRAMP, such cloud service provider is an intended third-party beneficiary of this Agreement and may enforce its terms with respect to such information directly through an action in any court of competent jurisdiction. 13. All additions or modifications to this Agreement must be in writing and signed by both parties. 14. This Agreement is made under and shall be governed by the laws of the United States. 15. This Agreement may be terminated immediately by either party upon delivery of written notice of termination to the other party. Such termination shall not affect Recipient's duties with respect to confidential information disclosed prior to termination including without limitation those under Section 7 above. SIGNED IN WITNESS WHEREOF, the parties have executed this Agreement as of the date of the last signature below. Federal Contractor Name (please print): Federal Contractor Signature: Date: FOR OFFICE OF FedRAMP PMO USE ONLY PMO Receipt Date: PMO Reviewer: Page 6 of 6 Version 5 3/1/2017

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback